>ACME is a protocol intended to become an IETF Standards Track RFC.
Oh dear God, another one? We've already got CMP, CMC, SCEP, EST, and a whole
slew of other ones that failed to get as far as RFCs, which all do what ACME
is trying to do. What's the selling point for ACME? That it blows up in your
face at the worse possible time?
Peter.
>In the examples I've reviewed the decision seems to have been made (either
>explicitly or tacitly) to leave the really difficult problem - specifically
>achieving confidence in the identity of the subject - completely unaddressed.
There wasn't any decision to leave it unaddressed, no-one had ever expressed
any interest in this at any point during the work on the previous protocols,
so there's nothing about it in any of the specs. If anyone did care about it,
it shouldn't be too hard to add support for it to any of the existing
protocols.
>So the answer to your question is that ACME's selling point is that it solves
>the problem lots of people actually have
Well, it solves a problem that no previous protocol, or potential user of the
protocol, had even acknowledged as a problem before. Whether that's (a) worth
creating an entirely new protocol rather than just adding support for it to an
existing, long-established one and (b) will make said new protocol a success
when every other attempt to do this has failed, is another matter.
>I presume the "blows up in your face" comment was purely because of ACME's
>hilarious choice of name,
You guys really need to do some work on that one :-).
Peter.
>Early drafts of SCEP, before it confined itself to "closed networks" even
>spell out what the problem is before they basically say they're not going to
>make any real attempt to tackle it. CMP, CMC and SCEP all resort to saying
>that some "out of band" mechanism should be used to verify that the applicant
>is or controls the subject DN and treat this problem as completely out of
>scope.
Various SCEP drafts have contained all sorts of stuff that was dropped when
no-one cared about it. The "out of band"/"beyond the scope of this document"
is standard boilerplate that's used when no-one cares enough to include it in
the document. In fact it pretty much explicitly says that it's not covered in
the doc because no-one cared how it was done.
So I'll repeat this again: It wasn't added to any existing protocol because
no-one's ever cared about it before. If people do care about it, why not add
it to any one of the many existing protocols rather than inventing yet another
incompatible way of doing what numerous other protocols already do?
Or is it that ACME is just a desperate attempt to derail StartCom's
StartEncrypt at any cost?
>"Schneier's Law" very much applies.
What does that have to do with no-one bothering to add whatever magic
ingredient ACME is claiming to have to any other protocol that does the same
thing? Or are you claiming that ACME is flawed because it's a reinvention of
the wheel by amateurs (which is what Schneier's Law would be saying)? That
seems a bit unlikely...
>Each week several hundred thousand certificates are issued using (an earlier
>draft of) ACME by what is now as a result one of the Web PKI's top five
>Certificate Authorities in terms of how many sites use its certificates.
OK, I think I can parse that convoluted sentence... in response: Each week who
knows how many certificates are issued using HTTP POST, Xenroll.dll, SCEP,
CMP, and who knows what else. What's your point?
Peter.
Fair enough. Just trying to figure out why someone would invent an entire new
protocol rather than tweak any one of the existing ones.
Peter.
From: Nick Lamb Sent: Wednesday, July 6, 2016 8:16 AM Subject: Re: StartEncrypt considered harmful today |
>SCEP (and all the real SCEP implementations that I could find) take the
>optimistic view that this is somebody else's problem, and so the practical
>result is security theatre.
Uhh, do you even know how SCEP is used? When you're provisioning a VPN
gateway, SCADA device, an iPhone, or one of the other systems that SCEP is
used with, the cert issue is auth'd with a PSK unique to that system, so you
know that if you see a cert with DNP3 ID ABC or AppleID XYZ, you really are
talking to the exact device/service you think you're talking to.
In contrast with the web PKI (and presumably ACME), you think you're talking
to Paypal but you could just as easily be talking to a Paypal phishing site.
Here's one example, a phishing email identified by Paypal security as being a
phish, redirecting people to an equally phishy site www.paypal-special.com,
which however had an EV cert with a serial number that duplicated that of a
genuine Paypal cert:
http://security.stackexchange.com/questions/49200/apparently-paypal-affiliated-site-with-very-suspect-security/58470).
Is it genuine or a phish? Paypal security says it's a phish, the EV cert says
it isn't.
So SCEP provides pretty strong assurance of who you're talking to, ACME (if it
follows the web PKI) provides the illusion of assurance (you think you're
talking to Paypal but it's actually a phisher). The fact that SCEP, in its
original design, doesn't do DV or whatever isn't a shortcoming of the spec,
it's because there's no need for such a low-assurance mechanism when you've
already got a high-assurance mechanism available.
Having said that, if you do think DV or whatever provides some guarantee of
security, there's nothing preventing you from adding it to SCEP, CMP, CMC,
EST, or whatever.
>Certificates are issued, public key mathematics is done, there is superficial
>appearance of a secure system but no useful assurance of identity is achieved
>and so no real threat is neutralised.
That's actually a pretty good description of the web PKI. And, presumably,
ACME if that's what it's meant to automate.
>This idea that you should just be able to "add whatever magic ingredient" is
>the exact sort of naivety that Bruce is talking about.
So adding a minor extension to a proven, established protocol is naivety but
inventing a totally new, unproven one from scratch isn't?
Look, I can see that this is obviously an issue of religious dogma for you
that ACME is perfect and everything else isn't, in light of which it doesn't
seem productive to continue this discussion, it'll just annoy everyone else
who's having to listen. Also, while it was fun initially, I'm now getting
bored. I'll bow out now.
Peter.